M&E Journal: The Intangible Costs of Hacks (And What You Can Do About Them)
By Zuly Gonzalez, Co-Founder and CEO, Light Point Security –
HBO. Sony. Netflix. What do they all have in common? Every one of them has lost content in the past few years, with the resulting breaches costing millions.
But why? Well, with so many movies and TV shows dominating people’s free time these days, the content and properties that fill these studios’ shelves are worth a fortune, which has made them a hot new target for hackers who want a quick and easy way to generate a return on their effort.
Why studios get hacked
In an age in which some intellectual properties can be worth multiple billions of dollars (Harry Potter, Marvel Extended Universe, Game of Thrones, etc.), the market for exploits that can penetrate studio walls is bigger than ever.
For example, when the HBO media servers were hacked back in June of 2017, the perpetrators demanded $6 million as a ransom to not release several early Game of Thrones scripts along with upwards of 1.5TB of content that hadn’t yet gone live.
“Our demand is clear and Non-Negotiable: We want XXXX dollars to stop leaking your Data,” read the hackers’ letter to the company. “HBO spends 12 million for Market Research and 5 million for GOT7 advertisements. So, consider us another budget for your advertisements!”
Potentially pulling $6 million off a single intrusion would have made this attack one of the most profitable in history, though HBO claimed it never even considered the offer.
Major hacks like the HBO attack aren’t exclusively representative of the whole picture, however. For years hackers have made plenty of cash off of streaming services such as Netflix and Hulu by selling user account data on the Dark Web.
With so much money to be made, it’s no wonder that hackers have turned their attention from simple credit card scams to one of the most valuable commodities in our world today: the TV shows and movies we all watch during our time off work.
The direct costs of getting hacked
Whenever a major studio or the third-party companies they work with are breached, the reaction is generally the same as it would be for any industry. Whether it’s a financial institution, a university, or even your local movie theater, once a breach is detected the cost of finding the hole and sealing it can be significant.
According to IBM’s Cost of Data Breach report released earlier this year, the average cost of a company being hacked is roughly $3.86 million per attack, an increase from $3.62 million in 2017, while so-called “mega breaches” can reach into the hundreds of millions.
These numbers were calculated using IBM’s “activity-based costing” method, which accounts for both the direct cost of sealing up the holes in a company’s system as well as the preparatory tools needed to train employees on how to prevent another similar attack from happening again in the future.
These costs can include forensic investigations, audit services, crisis team management, legal expenditures and much more. But all of these financial burdens are just the direct impact. What about the other intangible costs that are associated with media and entertainment companies exclusively?
The indirect costs of getting hacked
While it’s simple for a movie studio to calculate how much a movie costs to produce and market, what can’t ever be accurately predicted is how much that property will net them in the end. This is the great gamble of Hollywood, of course.
The Sony hack is a prime example of this effect, where the company was pressured to withhold releasing its film, The Interview, after North Korean hackers breached its network. Who knows how much the film would have made if it hit theaters as planned?
But when discussing studio breaches, the amount of money that can be lost as a result can take many forms, including loss of reputation among top executives when emails are leaked, and lost opportunities when your studio is no longer trusted to keep proprietary information secure. Of course, these costs don’t even begin to scratch the surface of all the indirect impacts of a breach.
While it’s important to take security seriously to prevent costly breaches, it’s equally important to deploy smart security solutions that meet the unique needs of the M&E industry, because overly restrictive security policies can have a major impact on productivity.
For example, a visual effects artist may need to browse the web for reference images and videos. But according to Motion Picture Association of America (MPAA) best practice guidelines, media companies must “prohibit production network and all systems that process or store digital content from directly accessing the internet, including email.”
To meet this requirement, companies will often resort to placing two computers on every desk; one connected to the internet for general browsing, and another one cut off from the internet for production work. This system of two separate computers can lead to a frustrating experience, and drastically increase the cost to get up to MPAA standards.
So, what can studios do to protect their networks more effectively without losing money due to lost time and productivity?
How remote browser isolation solves this problem
According to the IBM report, with upwards of 75 percent of all data breaches happening as a result of careless employees who either consciously or unconsciously end up installing backdoors through social engineering and phishing attempts, remote browser isolation offers a perfect solution to this perpetual problem.
With a remote browsing solution protecting your production network, any emails, Facebook messages, links, or websites that any staff interacts with are rendered in a fully isolated virtual environment outside your production network. This means no web content ever enters your production network, so if any infected links or files are encountered, they are unable to access your content or cause any damage.
The level of isolation provided by remote browsing solutions is strong enough that users can do their web browsing from their primary desktop computer, while still maintaining MPAA compliance.
Not only does this save on the cost of setting up and maintaining a second network for internet browsing, but it also streamlines the workflow. It decreases the amount of time users spend jumping back and forth between two separate computers and simplifies the process of safely importing materials from the internet onto the gated workstations in the production network.
An added bonus is that a remote browsing solution can offer extensive logging and reporting functionality, allowing administrators and MPAA auditors to see what files are uploaded and downloaded, as well as which sites users are spending their time on; another potential productivity boost.
With so many different companies coming together to build a single movie, the need for a secure way to work and communicate is essential. Remote browser isolation provides a simple, cost-effective way for media and entertainment companies to solve all these problems. It is not only cost-effective, both from the stand point of preventing breaches and reducing IT overhead, but also delivers seamless user experience, making it a win-win for all.